The New Web Challengers

Browser Wars II: Firefox's Grassroots Cure for Internet Insecurity

Brendan Eich of the Mozilla Foundation.
Photograph: Eric Millette
There's a new challenger for the browser crown, offering security the champ can't match.

Microsoft appeared to put a resounding end to the browser wars back in the late 1990s by integrating the free Internet Explorer with Windows. No browser has put a dent in IE's dominance since then, but the tide may be turning. And the browser king's Achilles' heel could be its close ties to Windows.

The nonprofit Mozilla Foundation, which hopes to address IE's inherent security flaws, oversees the development of the Mozilla browser. The group was founded in 2003 with financial support from AOL's Netscape division, but it relies on contributions of work and money from corporations and individuals. The group's project produced a faster, smaller browser: Firefox.

Mozilla Foundation chief technologist Brendan Eich says IE's security problems run deep down to its Windows roots. IE is "the target of choice, and it's overintegrated with Windows," says Eich, who wrote the JavaScript scripting language for the original Netscape browser in the mid-1990s. For example, by default IE allows sites on your "trusted" list to start downloads automatically, but spoofing (altering) this list is relatively easy. "There are so many holes in IE that giving it the power to do automatic downloads is a bad idea," Eich says.

Firefox benefits from the Mozilla Foundation's hundreds of volunteer programmers, testers, and contributors, who poke around the browser's program code to uncover and publicize flaws and possible breaches. The foundation even offers a bounty of $500 per bug, and it promises to have patches ready in one or two days in most cases, according to Eich. Compare that with the weekly or monthly IE security updates Microsoft posts on the Windows Update site.

But their contributions go far beyond security. "There are so many users and use cases, you don't want to leave anyone out," according to Eich. "You want to have this thriving developer community," Eich says, "to let their creativity go wild."

Dennis O'Reilly and Scott Spanbauer

Subscribe to the Daily Downloads Newsletter

Comments